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DETAILED ACTION 

1. This office action is in reply to an amendment filed on 01/20/2010. Claims 2-3 
are previously canceled. Thus claims 1 and 4-2 1 are pending of which claims 1 , 
1 1 and 2 1 are independent. 

Priority 

2. This application does not claim priority. Therefore, the effective filling data for 
the subject matter defined in the pending claims of this application is 
12/12/2003. 

Response to Argument 

3 Applicant's remark/ arguments filed on January 20, 2010 have been fully 
considered but they are not persuasive. 



Referring to the Independent claims 1, 11 and 21, Applicant's representative 
argued that the reference/ s on the record, namely neither Carter nor Rider 
teach, suggest, or disclose the following amended/ bolded limitation, "building a 
member definition comprising a member identifier, an access control list, a 
private key of a key pair for use in encrypting the document,..." 



Applicant's representative on page 7 of the submitted remark wrote the 
following in support of the above argument. 

"Carter, which is cited by the Examiner as disclosing building a member 
definition, fails to teach the member definition including, inter alia, a private key 
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of a key pair, as now recited in claim 1. The deficiencies of Carter are not 
remedied by Rider, which is cited as teaching linking the member definition to a 
first data portion of a document, receiving a request from the user to access the 
document, comparing the request with the access right, and allowing access to 
only the first data portion, or Frey, which is cited as teaching an access control 
list. In view of the foregoing, it is apparent that the cited combination fails to 
teach or suggest the invention as recited in claim 1; therefore, the rejection is not 
supported by the cited combination and should be withdrawn. Claims 1 1 and 21 
include limitations similar to those of claim 1 and are therefore also deemed to be 
in condition for allowance for at least the same reasons presented above. Claims 
4-10 and 12-20 depend from and further limit claims 1 and 1 1 and therefore are 
deemed to be in condition for allowance for at least that reason" 
Examiner disagrees with the above argument. 

Examiner counters that a careful reading of reference in particular the primary 
reference on the record Carter reveals that the feature argued by the applicant's 
representative is indeed still taught by the reference/s on the record. 

Examiner would like to point out that, Carter on column 14 lines 16-22 and 
column 14, lines 4-5 discloses the following which meets the limitation recited 
as "building a member definition comprising, a private key of a key pair for 
use in encrypting the document." 

"As noted, the member definition 96 includes the encrypted message digest 102 
if the member in question has collaboratively signed the document 90. As 



Application/Control Number: 10/734,935 Page 4 

Art Unit: 2432 

explained in greater detail below in connection with FIG. 10, the encrypted 
message digest 102 is formed by generating a message digest based on the 
current contents of the data portion 94 of the document 90 and then 
encrypting that message digest with the private key 80 of the member 
who is signing the document 90." Furthermore on column 14, lines 4-5, it 
has also been disclosed that the private key 80 is a key pair which 
corresponds to the public key 78. Thus contrary to the argument presented 
by the applicant's representative, the message digest 102 which is formed by 
generating a message digest based on the current contents of the data 
portion 94 of the document 90 and then encrypting that message digest 
with the private key 80 of the member who is signing the document 90 
implicitly contains the private key of the member who is signing the 
document. With out the private key, it is not possible to produce the said 
message digest. Furthermore as it is disclosed on column 14, lines 4-5, the 
private key 80 is a key pair which corresponds to the public key 78 and 
this meets the argued limitation, "building a member definition comprising, 
a private key of a key pair for use in encrypting the document" 

Thus for the above reasons, the argued limitation of the respective independent 
claims 1,11 and 21 is taught by the reference/ s on the record. Thus the 
previous rejection set forth in the previous office action is maintained. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the 
manner and process of making and using it, in such full, clear, concise, and 
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exact terms as to enable any person skilled in the art to which it pertains, or 
with which it is most nearly connected, to make and use the same and shall set 
forth the best mode contemplated by the inventor of carrying out his invention. 

5. Claims 1, 2-21 are rejected under 35 U.S.C. 1 12, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the 
time the application was filed, had possession of the claimed invention. Based 
on a thorough review of the entire disclosure and a text search for the following 
bolded amended limitation ""building a member definition comprising, a 
private key of a key pair for use in encrypting the document ", there is no 
"readily apparent support" explicitly indicating the fact that the member 
definition includes the private key for use in encrypting the document. 
Examiner would like to point out that figure 2 of the applicant's submitted 
drawing indicate that the member definition includes only member identifier, 
access control list and digital signature. 

Applicant's representative is required to indicate where in the specification such 
limitation is explicitly disclosed. 

Claim Rejections - 35 USC §101 

6. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, 
manufacture, or composition of matter, or any new and useful improvement 
thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

7. Claims 1-21 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 
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8. Claims 1-10 are rejected under 35 U.S.C. 101. Based on Supreme Court 
precedent and recent Federal Circuit decisions, a 35 U.S.C § 101 process must 
(1) be tied to a particular machine or (2) transform underlying subject matter 
(such as an article or materials) to a different state or thing. In re Bilski et al, 
88 USPQ 2d 1385 CAFC (2008); Diamond v. Diehr, 450 U.S. 175, 184 (1981); 
Parker v. Flook, 437 U.S. 584, 588 n.9 (1978); Gottschalk v. Benson, 409 U.S. 
63, 70 (1972); Cochrane v. Deener, 94 U.S. 780,787-88 (1876). 

An example of a method claim that would not qualify as a statutory process 
would be a claim that recited purely mental steps. Thus, to qualify as a § 101 
statutory process, the claim should positively recite the particular machine to 
which it is tied, for example by identifying the apparatus that accomplishes the 
method steps, or positively recite the subject matter that is being transformed, 
for example by identifying the material that is being changed to a different 
state. 

Here, applicant's method steps: recited in independent claim 1, is broad enough 
that the steps could be done or completely performed mentally, verbally or 
without a machine nor is any transformation apparent. Thus, the claims are 
non-statutory. 

9. Claims 11-20 are directed to a system claim. Examiner asserts that the 
limitations recited in the claim raises a question as to whether or not it 
contains any hardware elements such as microprocessor. Therefore these 
system claims do not fall within the statutory classes listed in 35 USC 
101. The language of the claims raises a question as to whether the claims are 
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directed merely to an abstract idea that is not tied to a technological art, 
environment or machine to form the basis of statutory subject matter under 35 
U.S.C. 101. See MPEP § 2106 IV. B. 1(a). 
10. Independent Claim 21 recites the following limitation at the beginning of the 

claim. "A computer readable medium " Examiner asserts that claim 2 1 does not 
fall within the statutory classes listed in 35 USC 101 because the computer 
readable medium can be broadly interpreted as signal and carrier wave, which 
is not statutory subject matter. It is recommended that the above limitation is 
replaced by the following limitation, "A non-transitory computer readable 
storage medium" 



Claim Rejections - 35 USC §103 



11. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 

all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the differences 
between the subject matter sought to be patented and the prior art are such 
that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in 
which the invention was made. 



12. Claims 1. 4- 1Q are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Stephen R. Carter (hereinafter referred as Carter)(U.S. Patent No. 5,787,175) 
(Date of patent 28, 1998), in view of Rider (hereinafter referred to as Rider) 
(U.S. Patent Publication 2006/0173999 Al) (filed on 08/07/2003, claims 
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priority of a provisional application filed on 08/07/2002) further in view Frey et 
al (hereinafter referred as Frey) (U.S. Patent No. 7,017,183 Bl, filed on Jun 29, 
2001) 



13. As per independent claim 1 Carter discloses a method for controlling 
access to a document, [Abstract] comprising: 

• Determining an access right for a user; (Column 12, lines 56-63; 
column 15, lines 62-67; abstract and column 8, lines 27-29) (Access control 
Methods FIGS. 4-9 illustrate one method according to the present invention for 
controlling collaborative access to the work group document 90. In particular, the 
method includes computer-implemented steps for collaboratively encrypting the 
document 90 (FIG. 6) and steps for restricting access to the data portion 94 of the 
collaboratively encrypted document (FIG. 9)). 

• building a member definition [Figure 5, see "member definition"] 
comprising a member identifier [Figure 5, ref Num "98", See "member 
identifier'], an access control [See column 12,lines 56-57; column 13, lines 52- 
62, see figure 5, ref. Num 100, "encrypted document key" signed by the public 
key of the member. Only the member with the corresponding private key can 
access the document. In particular see the following which is disclosed on column 
13, lines 64-column 14, lines 5, "The encrypted document key 100 is formed by 
encrypting the document key obtained during the step 110 with the public key of 
the member in question, which was obtained during the step 116. Note that the 
underlying document key is the same for each member of the collaborative group, 
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but the encrypted form 100 of the document key is unique to each member. Those 
of skill in the art will appreciate, that the encrypted document key 100 can be 
decrypted only by using the private key 80 that corresponds to the public key 78 
used to encrypt the document-key. "See also "collaborative access controller 44" 
which is described on column 6, lines 1 1-22 as the access controller which 
restrict access to the members only. Non members are restricted form accessing 
the information. See for instance the following disclosed on column 6, lines 11-12, 
"users who are currently members of a collaborative group can readily access the 
information, while users who are not currently members of the group cannot"] a 
private key of a key pair for use in encrypting the document [column 14 
lines 16-22 and column 14, lines 4-5] ("As noted, the member definition 96 
includes the encrypted message digest 102 if the member in question has 
collaboratively signed the document 90. As explained in greater detail below in 
connection with FIG. 10, the encrypted message digest 102 is formed by 
generating a message digest based on the current contents of the data portion 94 
of the document 90 and then encrypting that message digest with the 
private key 80 of the member who is signing the document 90." 
Furthermore on column 1 4, lines 4-5, it has also been disclosed that the private 
key 80 is a key pair which corresponds to the public key 78. Thus, the message 
digest 102 which is formed by generating a message digest based on the current 
contents of the data portion 94 of the document 90 and then encrypting that 
message digest with the private key 80 of the member who is signing the 
document 90 implicitly contains the private key of the member who is signing the 
document. With out the private key, it is not possible to produce the said message 
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digest. Furthermore as it is disclosed on column 14, lines 4-5, the private key 80 
is a key pair which corresponds to the public key 78 and this meets the argued 
limitation, "building a member definition comprising, a private key of a key pair 
for use in encrypting the document") 

and a digital signature,/See also figure 5, ref. Num "102", "encrypted message 
digest", signed by the private key. In particular see what is disclosed on column 
14, lines 15-21, "the encrypted message digest 102 is formed by generating a 
message digest based on the current contents of the data portion 94 of the 
document 90 and then encrypting that message digest with the private key 80 of 
the member who is signing the document 90. " See also the abstract and column 
6, lines 11-12, "collaborative ffi^^S^S sucn that members of the group can 
digitally sign a particular version of the data portion. These collaborative 
WMilWM^Ii can then be used to advantage in ways similar to conventional 
individual digital *Tx^??5ii- For instance, the collaboraliri ^f^^SS can be 
used to identify the signing member. "] and associating the member definition 
with the user. [Figure 5 and column 6, lines 11-22, See "Users who are currently 
members of a collaborative group can readily access the information, while users 
who are not currently members of the group cannot"] 

and 

• Linking the member definition to a portion of a document. [Figure 6, 
ref. Num "120"] ("Link member definition(s) with document") 

Carter does not explicitly disclose 
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linking the member definition to a first data portion of a document, wherein the 
document has the first data portion and a second data portion, 
receiving a request from the user to access the document; comparing the 
request with the access right; and allowing access to only the first data portion 
in accordance with the access right 

However, in the same field of endeavor, Rider discloses, 
Linking the member definition to a first data portion of a document, 
wherein the document has the first data portion and a second data 
portion, [paragraph 0044, figure 4A & 0034-0035] (As shown, document 400 
includes descriptor portion 402 and data portion 404. Descriptor portion 402 can 
include basic information about the device and its operation whereas data portion 
404 can include actual data, which can be employed by specific applications. 
Portion 406 is a portion of data 404 that has its access governed in accordance 
with the principles of tier two security as described herein. That is, one or more 
access rights can be associated with portion 406. Although one portion 406 
is shown, an ordinarily skilled artisan will appreciate that the same or other 
access rights can govern other portions of data portion 404.) 
Receiving a request from the user to access the document; comparing the 
request with the access right; and allowing access to only the first data 
portion in accordance with the access right [Paragraph 0034-0035 
paragraph 0044, figure 4A] (On paragraph 0034, the following has been disclose. 
Moreover, security manager 1 70 can permit, restrict or completely deny a user 
request to access one or more documents as well as the contents of those 
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documents. A document or a portion thereof can represent a command for, or a 
configuration of one of devices 135 such as a router or switch. Security manager 
1 70 governs by determining whether a particular user has access rights to a 
specific network resource, a particular document or only a portion of a 
document. Furthermore on paragraph 0035, the following has been 
disclosed. "By restricting access in relation to a document's content, a more fine- 
grained approach to configuring, managing and monitoring network resources is 
realized. Hence, tier two security restricts a user to data constituting a portion 
of an entire document rather than providing complete or no access to 
that document. For example, FIG. 4A depicts document portion 406 that is 
accessible. Note that other portions of document 400 are not necessarily 
accessible to that user.") 

It would have been obvious to one having ordinary skill in the art, at the time 
the invention was made, to combine the feature such as linking the member 
definition to a first data portion of a document, wherein the document has the 
first data portion and a second data portion and receiving a request from the 
user to access the document; comparing the request with the access right; and 
allowing access to only the first data portion in accordance with the access right 
as per teachings of Rider into the method as taught by Carter, in order to 
provide a more fine-grained access control to the resources (portions of 
documents) [See For instance Rider on paragraph 0035] 
The combination of Carter and Rider does not explicitly disclose that the 
access control is actually the "access control list" 



Application/Control Number: 10/734,935 Page 13 

Art Unit: 2432 

However, in the same field of endeavor Frey at least on column 10, lines 5- 
11, figure 4, ref. Num "438", column 4, lines 35-40 and figure 1, ref. Num 
"144" discloses the following which meets the limitation recited as "access 
control list". "In accordance with a preferred embodiment, portal database 424 
further comprises a user profile table 430, a group profile table 432, a group 
membership table 434, an object security table 436, and an ACL (access 
control list) sync map 438 (hereinafter synchronization map 438), these tables 
and maps comprising information as will be described further infra." 
Furthermore on column 4, lines 35-40 and figure 1, ref. Num "144", the 
following has also been disclosed which meets the limitation recited as "access 
control list" "For each document in that set, the access control list 144 is 
checked to see if that portal user has access permission to that document, 
or if that user is a member of a portal group having access permission to that 
document. The portal user is only presented with a listing of documents for 
which they have access permission." 

It would have been obvious to one having ordinary skill in the art, at the time 
the invention was made, to employ features such as access control as per 
teachings of Frey into the method of "access control" as taught by the 
combination of Carter and Rider, in order to enhance the security by providing 
further fine-grained access control to the resources) [See For instance Frey 
column 4, lines 35-40 ] 



Application/Control Number: 10/734,935 Page 14 

Art Unit: 2432 

14. As per dependent claim 4 the combination of Carter. Rider and Frev 
discloses a method as applied to claims above. Furthermore, Carter 
discloses the method, further comprising adding a new user to the 
document. [Figure 7, column 7, lines 3-5] ("adding a new member") 

15. As per dependent claim 5 the combination of Carter, Rider and Frey 
discloses a method as applied to claims above. Furthermore, Carter 
discloses the method, further comprising removing a member from the 
document. [Figure 8, column 7, lines 5-7] ("removing a member") 

16. As per dependent claim 6 the combination of Carter, Rider and Frey 
discloses a method as applied to claims above. Furthermore, Carter 
discloses the method further comprising: storing the member definition 
remotely from the document, [column 14, lines 35-38] 

17. Ag per dependent claim 7 the combination of Carter, Rider and Frey 
discloses a method as applied to claims above. Furthermore, Carter 
discloses the method further comprising: storing the member definition in 
the document. [Column 14, lines 31-34] ( "In one embodiment, linking is 
accomplished by SHf' the encrypted data portion 94 and the prefix portion 92 
(including one or more WB$W^.^J^'?Kf§ 96) together in a file on a disk, tape, or 
other conventional WSSE medium. ") 

18. As per dependent claim 8 the combination of Carter and Frev discloses a 
method as applied to claims above. Furthermore, Carter discloses the 
method further comprising: further comprising: 
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encrypting the document; and linking the member definition with a public 
key and a private key. [column 11, lines 61- column 12, lines 7] 
19. As per claims 9-10 the combination of Carter. Rider and Frev discloses a 
method as applied to claims above. Furthermore, Rider discloses the method, 
further comprising: determining a second access right for the user; building a 
second member definition using the second access right; and linking the second 
member definition to a second portion of a document [Paragraph 0034-0035 
paragraph 0044, figure 4A]. 



20. Claims 11-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Stephen R. Carter (hereinafter referred as Carter)(U.S. Patent No. 5,787,175) 
(Date of patent 28, 1998), in view of Rider (hereinafter referred to as Rider) 
(U.S. Patent Publication 2006/0173999 Al) (filed on 08/07/2003, claims 
priority of a provisional application filed on 08/07/2002) 



21. As per independent claim 1 1 Carter discloses a method for controlling 
access to a document, [Abstract] comprising: 

• A document comprising a first data and a second data. [ "the 
documents, which are indicated as 4, ref. Num "92" could be more than one as it 
is indicated on column 14, lines 23-24 and figure 4-6, the system builds one 
or more member definitions which is associated with one or more 
documents.] 
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a first member definition [figure 5, ref. Num "96", "Member definition "] 
associated with the first data[See figure 4, ref. Num "92 "/"document "] 
wherein the first member definition contains a first user identifier [Figure 
5, ref. Num "98"] and a private key of a key pair for use in encrypting the 
document [column 14 lines 16-22 and column 14, lines 4-5] ("As noted, the 
member definition 96 includes the encrypted message digest 102 if the member in 
question has collaboratively signed the document 90. As explained in greater 
detail below in connection with FIG. 10, the encrypted message digest 102 is 
formed by generating a message digest based on the current contents of the data 
portion 94 of the document 90 and then encrypting that message digest with 
the private key 80 of the member who is signing the document 90." 
Furthermore on column 14, lines 4-5, it has also been disclosed that the private 
key 80 is a key pair which corresponds to the public key 78. Thus, the message 
digest 1 02 which is formed by generating a message digest based on the current 
contents of the data portion 94 of the document 90 and then encrypting that 
message digest with the private key 80 of the member who is signing the 
document 90 implicitly contains the private key of the member who is signing the 
document. With out the private key, it is not possible to produce the said message 
digest. Furthermore as it is disclosed on column 14, lines 4-5, the private key 80 
is a key pair which corresponds to the public key 78 and this meets the argued 
limitation, "building a member definition comprising, a private key of a key pair 
for use in encrypting the document") 

a first access right for a first user for the first data [Figure 5, ref. Num "100"; 
see the "encrypted document key" which is encrypted by the member's public 
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key. Only the Member who has access to the information could use his 
corresponding private key to decrypt and get the document key which allows the 
member to access the document. In particular see the following which is disclosed 
on column 13, lines 64-column 14, lines 5, "The encrypted document key 100 is 
formed by encrypting the document key obtained during the step 110 with the 
public key of the member in question, which was obtained during the step 116. 
Note that the underlying document key is the same for each member of the 
collaborative group, but the encrypted form 100 of the document key is unique to 
each member. Those of skill in the art will appreciate, that the encrypted 
document key 100 can be decrypted only by using the private key 80 that 
corresponds to the public key 78 used to encrypt the document-key."] ; 

As it is indicated 14, lines 23-24 and figure 4-6, the system builds one or 
more member definitions. And the member definitions shown on figure 5, 
is associated to the documents shown on figure 4. Even though only one 
document is shown on figure 4, ref. Num "54, 90" the system is built for 
one or more documents. See the documents described on column 9, lines 
35. 

Thus the following is also correct. 

a second member definition [figure 5, ref. Num "96", "Member definition "] 
associated with the second data [See figure 4, ref. Num "92 "/"document 
wherein the second member definition contains a second user 
identifier[Figure 5, ref. Num "98"] and a private key of a second key pair for 
use in encrypting the second data [column 14 lines 16-22 and column 14, 
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lines 4-5] ("As noted, the member definition 96 includes the encrypted message 
digest 102 if the member in question has collaboratively signed the document 90. 
As explained in greater detail below in connection with FIG. 10, the encrypted 
message digest 102 is formed by generating a message digest based on the 
current contents of the data portion 94 of the document 90 and then encrypting 
that message digest with the private key 80 of the member who is signing 
the document 90." Furthermore on column 14, lines 4-5, it has also been 
disclosed that the private key 80 is a key pair which corresponds to the public 
key 78. Thus, the message digest 102 which is formed by generating a message 
digest based on the current contents of the data portion 94 of the document 90 
and then encrypting that message digest with the private key 80 of the member 
who is signing the document 90 implicitly contains the private key of the member 
who is signing the document. With out the private key, it is not possible to 
produce the said message digest. Furthermore as it is disclosed on column 14, 
lines 4-5, the private key 80 is a key pair which corresponds to the public key 78 
and this meets the argued limitation, "building a member definition comprising a , 
private key of a second key pair for use in encrypting the second data") 

and a second access right for a second user for the second data; [Figure 5, 
ref. Num "100"; see the "encrypted document key" which is encrypted by the 
member's public key. Only the Member who has access to the information could 
use his corresponding private key to decrypt and get the document key which 
allows the member to access the document. In particular see the following which 
is disclosed on column 13, lines 64-column 14, lines 5, "The encrypted document 
key 100 is formed by encrypting the document key obtained during the step 110 
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with the public key of the member in question, which was obtained during the 
step 116. Note that the underlying document key is the same for each member of 
the collaborative group, but the encrypted form 100 of the document key is unique 
to each member. Those of skill in the art will appreciate, that the encrypted 
document key 100 can be decrypted only by using the private key 80 that 
corresponds to the public key 78 used to encrypt the document-key."] ; 

Carter does not explicitly disclose 

Wherein the document has the first data portion and a second data portion, 
receiving a request from the user to access the document; comparing the 
request with the access right; and allowing access to only the first data portion 
in accordance with the access right 

However, in the same field of endeavor, Rider discloses, 
Linking the member definition to a first data portion of a document, 
wherein the document has the first data portion and a second data 
portion, [paragraph 0044, figure 4A & 0034-0035] (As shown, document 400 
includes descriptor portion 402 and data portion 404. Descriptor portion 402 can 
include basic information about the device and its operation whereas data portion 
404 can include actual data, which can be employed by specific applications. 
Portion 406 is a portion of data 404 that has its access governed in accordance 
with the principles of tier two security as described herein. That is, one or more 
access rights can be associated with portion 406. Although one portion 406 
is shown, an ordinarily skilled artisan will appreciate that the same or other 
access rights can govern other portions of data portion 404.) 
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Receiving a request from the user to access the document; comparing the 
request with the access right; and allowing access to only the first data 
portion in accordance with the access right [Paragraph 0034-0035 
paragraph 0044, figure 4A] (On paragraph 0034, the following has been disclose. 
Moreover, security manager 1 70 can permit, restrict or completely deny a user 
request to access one or more documents as well as the contents of those 
documents. A document or a portion thereof can represent a command for, or a 
configuration of, one of devices 135 such as a router or switch. Security manager 
1 70 governs by determining whether a particular user has access rights to a 
specific network resource, a particular document or only a portion of a 
document. Furthermore on paragraph 0035, the following has been 
disclosed. "By restricting access in relation to a document's content, a more fine- 
grained approach to configuring, managing and monitoring network resources is 
realized. Hence, tier two security restricts a user to data constituting a portion 
of an entire document rather than providing complete or no access to 
that document. For example, FIG. 4A depicts document portion 406 that is 
accessible. Note that other portions of document 400 are not necessarily 
accessible to that user.") 

It would have been obvious to one having ordinary skill in the art, at the time 
the invention was made, to combine the feature such as linking the member 
definition to a first data portion of a document, wherein the document has the 
first data portion and a second data portion and receiving a request from the 
user to access the document; comparing the request with the access right; and 
allowing access to only the first data portion in accordance with the access right 
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as per teachings of Rider into the method as taught by Carter, in order to 
provide a more fine-grained access control to the resources (portions of 
documents) [See For instance Rider on paragraph 0035]. 



22. Independent claim 21 is rejected on the same reason as that of the above 
independent claim 11, However independent claim 21 further recites 
additional limitation. Thus the following rejection only considers the 
additional limitation. 

As per independent claim 21 Carter discloses a method for controlling 
access to a document, [Abstract] comprising: 

• Determining an access right for a user; (Column 12, lines 56-63; 
column 15, lines 62-67; abstract and column 8, lines 27-29) (i^^^^^^S 

Methods FIGS. 4-9 illustrate one method according to the present invention for 
controlling collaborative access to the work group document 90. In particular, the 
method includes computer-implemented steps for collaboratively encrypting the 
document 90 (FIG. 6) and steps for restricting access to the data portion 94 of the 
collaboratively encrypted document (FIG. 9)). 

• building a member definition [Figure 5, see "member definition"] 
comprising a member identifier [Figure 5, ref. Num "98", See "member 

identifier'], an access control [See column 12,lines 56-57; column 13, lines 52- 
62, see figure 5, ref. Num 100, "encrypted document key" signed by the public 
key of the member. Only the member with the corresponding private key can 
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access the document. In particular see the following which is disclosed on column 
13, lines 64-column 14, lines 5, "The encrypted document key 100 is formed by 
encrypting the document key obtained during the step 110 with the public key of 
the member in question, which was obtained during the step 116. Note that the 
underlying document key is the same for each member of the collaborative group, 
but the encrypted form 100 of the document key is unique to each member. Those 
of skill in the art will appreciate, that the encrypted document key 100 can be 
decrypted only by using the private key 80 that corresponds to the public key 78 
used to encrypt the document-key. "See also "collaborative access controller 44" 
which is described on column 6, lines 11-22 as the access controller which 
restrict access to the members only. Non members are restricted form accessing 
the information. See for instance the following disclosed on column 6, lines 11-12, 
"users who are currently members of a collaborative group can readily access the 
information, while users who are not currently members of the group cannot"] 
and a private key of a key pair for enabling the first user to encrypt the 
document [column 14 lines 16-22 and column 14, lines 4-5] ("As noted, the 
member definition 96 includes the encrypted message digest 102 if the member in 
question has collaboratively signed the document 90. As explained in greater 
detail below in connection with FIG. 10, the encrypted message digest 102 is 
formed by generating a message digest based on the current contents of the data 
portion 94 of the document 90 and then encrypting that message digest with 
the private key 80 of the member who is signing the document 90." 
Furthermore on column 14, lines 4-5, it has also been disclosed that the private 
key 80 is a key pair which corresponds to the public key 78. Thus, the message 
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digest 102 which is formed by generating a message digest based on the current 
contents of the data portion 94 of the document 90 and then encrypting that 
message digest with the private key 80 of the member who is signing the 
document 90 implicitly contains the private key of the member who is signing the 
document. With out the private key, it is not possible to produce the said message 
digest. Furthermore as it is disclosed on column 14, lines 4-5, the private key 80 
is a key pair which corresponds to the public key 78 and this meets the argued 
limitation, "building a member definition comprising, a private key of a key pair 
for use in encrypting the document") 

and a digital signature,/See also figure 5, ref. Num "102", "encrypted message 
digest", signed by the private key. In particular see what is disclosed on column 
14, lines 15-21, "the encrypted message digest 102 is formed by generating a 
message digest based on the current contents of the data portion 94 of the 
document 90 and then encrypting that message digest with the private key 80 of 
the member who is signing the document 90. " See also the abstract and column 
6, lines 11-12, "collaborative fif pWf?!^?il such that members of the group can 
digitally sign a particular version of the data portion. These collaborative 

"\*W$* can then be used to advantage in ways similar to conventional 
individual digital -^t^i Ol For instance, the collaborative ^^^^^p can be 
used to identify the signing member. "] and associating the member definition 
with the user. [Figure 5 and column 6, lines 11-22, See "Users who are currently 
members of a collaborative group can readily access the information, while users 
who are not currently members of the group cannot"] 
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and 

• Linking the member definition to a portion of a document. [Figure 6, 
ref. Num. "120"] ("Link member definition(s) with document") 
Carter does not explicitly disclose 

linking the member definition to a first data portion of a document, wherein the 
document has the first data portion and a second data portion, 
receiving a request from the user to access the document; comparing the 
request with the access right; and allowing access to only the first data portion 
in accordance with the access right 

However, in the same field of endeavor, Rider discloses, 
Linking the member definition to a first data portion of a document, 
wherein the document has the first data portion and a second data 
portion, [paragraph 0044, figure 4A & 0034-0035] (As shown, document 400 
includes descriptor portion 402 and data portion 404. Descriptor portion 402 can 
include basic information about the device and its operation whereas data portion 
404 can include actual data, which can be employed by specific applications. 
Portion 406 is a portion of data 404 that has its access governed in accordance 
with the principles of tier two security as described herein. That is, one or more 
access rights can be associated with portion 406. Although one portion 406 
is shown, an ordinarily skilled artisan will appreciate that the same or other 
access rights can govern other portions of data portion 404.) 
Receiving a request from the user to access the document; comparing the 
request with the access right; and allowing access to only the first data 
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portion in accordance with the access right [Paragraph 0034-0035 
paragraph 0044, figure 4A] (On paragraph 0034, the following has been disclose. 
Moreover, security manager 1 70 can permit, restrict or completely deny a user 
request to access one or more documents as well as the contents of those 
documents. A document or a portion thereof can represent a command for, or a 
configuration of, one of devices 135 such as a router or switch. Security manager 
1 70 governs by determining whether a particular user has access rights to a 
specific network resource, a particular document or only a portion of a 
document. Furthermore on paragraph 0035, the following has been 
disclosed. "By restricting access in relation to a document's content, a more fine- 
grained approach to configuring, managing and monitoring network resources is 
realized. Hence, tier two security restricts a user to data constituting a portion 
of an entire document rather than providing complete or no access to 
that document. For example, FIG. 4A depicts document portion 406 that is 
accessible. Note that other portions of document 400 are not necessarily 
accessible to that user.") 

It would have been obvious to one having ordinary skill in the art, at the time 
the invention was made, to combine the feature such as linking the member 
definition to a first data portion of a document, wherein the document has the 
first data portion and a second data portion and receiving a request from the 
user to access the document; comparing the request with the access right; and 
allowing access to only the first data portion in accordance with the access right 
as per teachings of Rider into the method as taught by Carter, in order to 
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provide a more fine-grained access control to the resources (portions of 
documents) [See For instance Rider on paragraph 0035] 

23. As per dependent claims 12-13 the combination of Carter and Rider 
discloses a method as applied to claims above. Furthermore, Rider discloses the 
method, wherein the access controller limits access to the document in 
accordance with the first access right and the second access right. And, 
wherein the first user identifier and the second user identifier identify the same 
user and the first access right and the second access right identify different 
access rights [Paragraph 0034-0035 paragraph 0044, figure 4A]. 

24. As per dependent claim 14 the combination of Carter and Rider discloses a 
method as applied to claims above. Furthermore, Carter discloses the 
method wherein the first member definition contains a digital signature. 
[Abstract and figure 10, ref. Num "184"] 



25. As per dependent claim 15 the combination of Carter and Rider discloses a 
method as applied to claims above. Furthermore, Carter discloses the 
method wherein the first member definition and second member 
definition are stored remotely from the document, [column 14, lines 35-38] 

26. As per claim dependent 16 the combination of Carter and Rider discloses a 
method as applied to claims above. Furthermore, Carter discloses the 
method where in the first and second the member definition are stored in 
the document. [Column 14, lines 31-34] ( "In one embodiment, linking is 
accomplished by fSBS the encrypted data portion 94 and the prefix portion 92 
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(including one or more Sll I 96) together in a file on a disk, tape, or 

other conventional IffllRflP medium. ") 

27. As per dependent claims 17-20 the combination of Carter and Rider 
discloses a method as applied to claims above. Furthermore, Carter 
discloses the method wherein the document is tagged document/XML 
document/text document/binary document. [Column 9, lines 32-61] 



Conclusion 

28. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened 
statutory period, then the shortened statutory period will expire on the date the 
advisory action is mailed, and any extension fee pursuant to 37 CFR 1. 136(a) 
will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from 
the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Samson B Lemma whose telephone number is 
571-272-3806. The examiner can normally be reached on Monday-Friday (8:00 
am— 4: 30 pm). 
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If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, BARRON JR GILBERTO can be reached on 571- 
272-3799. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private 
PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 

/Samson B Lemma/ 
Examiner, Art Unit 2432 



/Jung Kim/ 

Primary Examiner, AU 2432 



